States Champion Regulatory Streamlining; CFPB Remains Focused on Consumer Loan Servicing and Fair Lending

By Carol Beaumier, Executive Vice President and Managing Director
Regulatory Compliance Practice




While regulatory relief remains a topic within the Beltway, the Conference of State Bank Supervisors (CSBS), the nationwide organization of financial regulators from all 50 states, the District of Columbia, Guam, Puerto Rico and the U.S. Virgin Islands, has already taken action to streamline the multistate regulatory oversight framework for one group of its regulated entities – money services businesses (MSB). In April, the CSBS launched the Money Services Business Call Report (MSB Call Report) which will allow MSBs to submit a single periodic financial form and other activity reports rather than deal with state-specific reporting requirements in varying formats. The MSB Call Report includes a Financial Condition Report, Transaction Activity Report, Permissible Investment Report and (to be added in the fourth quarter 2017) a Transaction Destination Country Report. The initial report was due by May 15, 2017. While individual states need to opt into this reporting, this move is nonetheless a step in the right direction for the MSB community.

Among the topics on the agenda of the Consumer Financial Protection Bureau (CFPB) are mortgage servicing rights for consumers and fair lending. The CFPB’s 2016 final rule amending certain provisions of Regulation X (Real Estate Settlement Procedures Act) and Regulation Z (Truth in Lending) will be effective in October 2017. The rule requires a series of modifications to the procedures and technology platforms used by mortgage services. These modifications affect, among other things, key definitions (successors in interest, delinquency), lender-placed insurance, loss mitigation, communications with borrowers in bankruptcy, and periodic statements and coupon books. With the effective date less than six months away, mortgage services need to understand and be prepared to implement all of the required changes.

The 2016 CFPB Fair Lending Report, published in April, signals the agency’s fair lending priorities for 2017. These include identification of redlining activities; mortgage and student loan servicing issues based on race, ethnicity, sex or age; and fair lending challenges faced by women-owned and minority-owned businesses. Lenders engaged in mortgage and student loan servicing and small business lending activities should consider stepping up their monitoring and testing of these areas in preparation for upcoming CFPB examinations.

Learn more about these developments in our May issue of Compliance Insightsavailable here, and review our monthly recap of compliance developments on the same site.

Compliance News Roundup: The Clearing House AML Recommendations, CFPB on Alternative Data and More

Protiviti published its March issue of Compliance Insights this week. We sat down with Steven Stachowicz, Managing Director with Protiviti’s Risk and Compliance practice, to discuss some of the highlights. Listen to our podcast below, or click on the “Continue Reading” link to read the interview.


In-Depth Interview, Compliance Insights [transcript] Continue reading

Regulatory Activity Unabated Despite Uncertain Regulatory Outlook

Steve StachowiczBy Steven Stachowicz, Managing Director
Risk & Compliance




A month into the new U.S. administration, it’s clear that the political landscape is shifting. The administration has issued executive orders calling for a review of existing laws and regulations based on how they promote certain “core principles” related to the regulation of the U.S. financial system; a review of the Department of Labor’s Fiduciary Rule scheduled to take effect later in 2017; and an “implement one, repeal two” standard for the issuance of new regulations. Talk abounds about congressional actions aimed at actual or possible legislation, such as the TAILOR Act and the Financial CHOICE Act, which would affect the current regulatory structure as well.

The long-term ramifications of these actions for financial services regulation, supervision and enforcement are still unknown, and it may be some time before we have a clear view of what the future will look like. Meanwhile, financial institutions must still contend with the regulatory structure that exists today. Regulatory or self-regulatory agencies at the state, federal and even international levels are continuing to move forward with their existing supervisory and regulatory responsibilities. We address these in the February edition of Compliance Insights.

  • In the anti-money laundering (AML) space, we note that the Conference of State Bank Supervisors released a Bank Secrecy Act/AML Self-Assessment Tool to help financial institutions better manage money laundering risk. Risk assessments are top of mind for regulators, who consider logical, well-balanced and robust assessments the focal point of a sound risk management program. The self-assessment tool was issued not only to help provide transparency into how risks are assessed, monitored and communicated within an institution, but also to promote greater transparency among institutions to benefit the broader financial services industry.
  • Within the securities space, the Financial Industry Regulatory Authority (FINRA) published its Regulatory and Examination Priorities Letter for 2017, which identifies known and potential risks facing broker-dealers, investor relationship management and market operations. FINRA uses the annual priorities letter to communicate areas of focus for its information requests and examinations for the upcoming year. The 2017 letter highlights the “blocking and tackling” roles of compliance, supervision and risk management through FINRA’s focus on reviewing firms’ business models, internal control systems and client relationship management. Priorities identified for 2017 include: monitoring brokers with a history of disciplinary actions or complaints; sales practices; financial risk management and liquidity; operational risks; and market integrity.
  • Privacy concerns are atop the agenda for the European Commission (EC), which published the draft text of a proposed e-privacy regulation that, if adopted, would replace the EC’s current ePrivacy Directive with a more expansive regulation. Data privacy is a top priority for the EC, which seeks to establish a new privacy legal framework for electronic communications as part of a digital single market. The proposed regulation was developed with the intent to create better access for consumers and businesses to digital goods and services, level the playing field for digital networks, facilitate development of innovative services, and increase the growth potential of the digital economy.
  • Finally, the Consumer Financial Protection Bureau (CFPB) recently sued a bank for apparent unfair and deceptive practices related to enrolling customers into overdraft protection services. The suit contends that the bank violated the CFPB provision for implementing the Electronic Funds Transfer Act by misleading customers that overdraft protection was mandatory, concealing fees, deceptively seeking consent, and pushing back against customers who questioned the opt-in requests. Notably, the CFPB cites that the bank’s employee incentive program likely contributed to these issues, further highlighting the attention that the regulatory agencies are placing on sales practices and incentive compensation programs.

Even as Washington sorts itself out, financial institutions cannot lose sight of regulatory obligations and expectations that exist at the local, state, federal or even international level. The regulatory environment is likely to be quite dynamic in the foreseeable future, and financial institutions will remain challenged to manage their risks in this environment and not relax their compliance efforts.

Continue to follow our monthly roundups of compliance news here and on our site. The February issue is available here.


Bank Charters for Fintech Companies Top January Compliance News

Steven StachowiczBy Steven Stachowicz, Managing Director
Risk and Compliance




In December 2016, the Office of the Comptroller of the Currency (OCC), which oversees many of the largest banks in the country, released its plans to consider granting special-purpose national bank charters to a broad range of financial technology (fintech) companies, who are engaged in providing technology-driven financial products and services to consumers and small businesses. The idea is not without controversy as policy makers and industry participants alike debate the pros and cons of chartering such companies, and it raises important questions regarding the standards to which these companies will be held and the benefits to consumers such a move will provide.

The OCC plan tops the news in the January 2017 edition of Compliance Insights, and is highlighted there in further depth.

The products and services that fintech companies offer today rival many heavily regulated banking institutions, including in the areas of consumer and mortgage lending, payment services, financial planning and wealth management. Clearly, the OCC believes chartering these companies to be in the public interest, with the potential to both expand financial inclusion and empower customers to take more control of their finances. It is also an opportunity for the OCC to exert greater supervisory oversight of such companies, ensuring that they engage in safe and sound behaviors and treat consumers fairly, while also encouraging financial innovation.

The OCC makes clear that obtaining such a charter won’t be easy – fintechs will have to demonstrate sound business plans, appropriate risk management, and fundamentally strong financial strength and performance to meet the OCC’s high standards. As fintechs weigh the advantages of a charter against these costs, hardly anyone expects a rush of applicants in the short-term. However, with the proliferation of innovative technologies for financial products and services and increasing consumer adoption of these technologies, it is likely only a matter of time before you see the acronym “N.A.” (for “National Association”) at the end of the name of your favorite online consumer lender or payments provider.

In other compliance news:

  • The Consumer Financial Protection Bureau has released its semi-annual rulemaking agenda and announced its fair lending-specific priorities for 2017. Both announcements provide insights to the financial services industry regarding the agency’s rule-making and supervisory priorities in the upcoming year. Noteworthy items on the Fall 2016 rule-making agenda included arbitration, debt collection and integrated mortgage disclosures. In 2017, the CFPB will be targeting any potential redlining of minority neighborhoods, the role of race and ethnicity in mortgage and student loan workout options, and lending risks related to minority and women-owned small businesses.
  • The Financial Action Task Force (FATF) has published its first evaluation report since 2006. The international standards body, designed to develop and promote anti-money laundering and terrorist financing policies, gave the United States high marks, but identified several areas for improvement.
  • India’s effort to crack down on illegal cash holdings by voiding all 500 and 1,000 rupee notes has had the unintended consequence of digitizing the country’s illicit cash flow. The effort, which removed 86 percent of the country’s cash in circulation, has spawned money laundering networks and alternative money transfer systems. U.S. financial institutions should continue to pay close attention to this developing situation and monitor the potential money laundering risks to their institution.
  • And finally, the Federal Reserve Bank of New York is spearheading an effort to find alternatives to the London Interbank Offered Rate (LIBOR) in the wake of evidence that several banks had colluded to report rates favorable to their trading positions. A decision is expected later this year.

All of these issues are discussed in greater detail in the January 2017 edition of Compliance Insights. Links offering a deeper dive into each of the specific topics are also available.

Compliance Insights Latest: Regulator Warns on Sales Incentives, New York Fed on Ethics, and More

Steve StachowiczBy Steven Stachowicz, Managing Director
Risk and Compliance




Culture and ethics are important in financial services; this much has always been clear to anyone working in the industry. Consumers and businesses alike place a great deal of trust in the system, and continue to hold it in high regard even in light of recent scandals and events that have highlighted certain questionable practices, testing this trust. But culture and ethics are much more than empty statements printed on a poster or in an employee bulletin and posted in the breakroom – a financial institution must take tangible steps to instill in its employees the values it declares publicly. Risks and rewards should be managed in a manner consistent with these values, as well as applicable legal and regulatory requirements and expectations and the best interests of the institution’s customers. In our most recent edition of Compliance Insights, we share the latest public statements from the Consumer Financial Protection Bureau (CFPB) and the Federal Reserve Bank of New York related to these topics.

In November 2016, the CFPB issued a bulletin regarding detecting and preventing consumer harm from sales and production incentives (we provide examples of such incentives in our current edition). The CFPB stresses the importance of proper oversight of employee incentives, particularly those that may pose potential harm to consumers if not designed and monitored appropriately. The CFPB expects financial institutions that employ incentive compensation programs to implement effective controls and risk management oversight of both employees and service providers participating in the programs. The CFPB reminds institutions of its expectations that they establish strong compliance management systems that detect violations of Federal consumer financial laws and, in particular, prevent unfair, deceptive or abusive acts or practices (UDAAP). The CFPB makes clear that compliance departments have an important role to play in managing the risks associated with these programs.

The CFPB bulletin was issued a month after William Dudley, president and CEO of the Federal Reserve Bank of New York, called for increased regulatory oversight to ensure accountability for misconduct and lapses of ethical judgment at financial institutions. Among his suggestions, Mr. Dudley articulated the need for tangible regulatory requirements rather than principled high-level statements. He proposed certain solutions, such as a database of banker misconduct and an annual, industry-wide culture survey. However – and clear to anyone involved in financial services – the responsibility for reforming culture ultimately lies with the banking and financial services industry itself, and financial institutions must make coherent, comprehensive efforts to correct any cultural and ethical weaknesses.

 In other compliance news, the Financial Crimes Enforcement Network (FinCEN), in coordination with the Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS), issued an advisory in September to help financial institutions identify and prevent the growing number of e-mail compromise fraud schemes.

The advisory includes a list of relevant red flags and detailed scenarios related to e-mail fraud schemes, and highlights the growing trend of cyber-enabled criminal activity. According to FinCEN, there have been approximately 22,000 reported cases of e-mail compromise fraud involving $3.1 billion in losses since 2013.

Finally, a study by the Global Association of Risk Professionals found that only half of the banks that were required to comply with Basel 239 risk data aggregation and reporting requirements by January 1, 2016 are in compliance. Risk data aggregation refers to a bank’s ability to consolidate various sources of risk data, such as loan default or derivative exposure across various business units.

For a more in-depth analysis of December’s compliance topics, you can read the full insights report here. We look forward to following and sharing more financial services compliance news with you in 2017. Happy New Year!

Compliance Insights Latest: The Future of Financial Regulation Still Unclear; Meanwhile, New Rules March On

Steven StachowiczBy Steven Stachowicz, Managing Director
Risk and Compliance




The recent election results weigh heavily on the minds of financial services professionals. All manner of questions have been raised regarding potential related regulatory impacts. Currently, there is ambiguity and speculation as to what changes are in store, when they will come, and the extent to which they will occur. What is certain is that change is inevitable, at least based upon what can be gleaned from the campaign trail and the agenda of the existing Congress.

We address some of the immediate reactions to the recent elections in our November edition of Compliance Insights. We will continue to monitor developments as they unfold, and provide our perspective in future editions. In the meantime, refer to Protiviti’s recent flash report for a more detailed, cross-industry perspective on the impacts of the recent elections.

Aside from the election, the November edition of Compliance Insights examines a new rule from the Consumer Financial Protection Bureau, finalized in October, that significantly changes the regulatory environment for prepaid accounts — including general-purpose reloadable and non-reloadable cards, such as payroll cards, student financial aid disbursement cards, tax refund cards, certain federal, state and local government benefit cards, and electronic wallets that store funds. The new rule, due to be implemented at the end of 2017, requires new disclosures to be provided to consumers at the time of purchase, including fees, terms and other comparative information; periodic statements listing recent transactions; dispute resolution procedures; and new protections if the prepaid account contains credit features. The article is on page 2 of the newsletter.

Also in October, the Department of Labor released the first in a planned series of FAQ documents to provide guidance on the implementation of its Fiduciary Rule, issued in April 2016. The rule was issued as an investor protection measure to identify, eliminate and mitigate against investment adviser conflicts of interest that could result in advice not aligned with clients’ best interests. The new rule redefines how retirement investment advice is communicated to investors, how and when adviser relationships are established, and how adviser compensation for products and services is earned. See page 5 in Compliance Insights for some of the specific questions addressed.

Other recent regulatory news we cover in our November edition:

  • The Financial Crimes Enforcement Network published an advisory and FAQs to help financial institutions comply with cybersecurity reporting obligations under the Bank Secrecy Act.
  • The Office of the Comptroller of the Currency published guidance on the periodic risk re-evaluation of foreign correspondent banking applicable to all national banks with foreign correspondent banking relationships.

We discuss all of these new developments, including our take on the financial regulations’ future, in detail in the full edition of Compliance Insights. Read it here.